Office of Higher Ed glitch exposes student data

The state Office of Higher Education says a coding error in its SELF Loan website may have exposed students’ personal data to unauthorized users.

The data contained in the site included names, social security numbers and email addresses.

Higher Education Commissioner Larry Pogemiller says he’s not yet sure how many student accounts are involved. Last year the program processed about 10,000 student loans, but he cautioned that number may not reflect the size of the exposure.

He says he’s concerned, but says computer staff have found no evidence of hacking.

“We think that there’s been no downloading of data,” he said. “We believe it’s just this viewing that could have happened.”

He also said no other financial information — such as loan data — was on the site.

Authorities discovered the error Tuesday after being notified by a student who’d seen names and private data on the site.

Staff immediately corrected the error, but state officials don’t yet know how long the information was exposed.

Pogemiller hopes to have more information about the glitch next week — including how many students were affected.

Here’s the letter his office is preparing to send out: